Splunk Enterprise Security Reviews

Name: Splunk Enterprise Security
Brand: Splunk
Rating: 4.2 (327 reviews)

4.2 out of 5

327 reviews
93% willing to recommend

What is Splunk Enterprise Security?

Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.

Get the Splunk Enterprise Security Buyer's Guide and find out what your peers are saying about Splunk Enterprise Security, Wazuh, CrowdStrike Falcon and more!

Splunk Enterprise Security is the #1 ranked solution in top Security Information and Event Management (SIEM) solutions, #1 ranked solution in top IT Operations Analytics solutions, and #2 ranked solution in Log Management Software. PeerSpot users give Splunk Enterprise Security an average rating of 8.4 out of 10. Splunk Enterprise Security is most commonly compared to Wazuh: Splunk Enterprise Security vs Wazuh. Splunk Enterprise Security is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 14% of all views.

Buyer's Guide

Splunk Enterprise Security

August 2025

Get the report

Helped 865,738 peers since 2012

Featured Splunk Enterprise Security reviews

ROBERT-CHRISTIAN

CTO at kyndryl

In our organization, we use our own tools such as Kyndryl Bridge and Elastic. We use Kyndryl Bridge which essentially has a similar function. It is based on Elastic. It indexes log files and flags log files. It helps you to very quickly search log files similar to the Splunk algorithm. Our clients use Splunk Enterprise Security. If somebody already has Splunk as a business intelligence tool, then very often, it makes sense to expand the Splunk subscription they have to include Enterprise Security as well. We base our decisions on customer requirements, not on anything else. If a customer comes to us looking for a SIEM solution, we advise them based on their infrastructure and objectives. If we deliver the service for them and they want us to do that, we mostly go with Microsoft Sentinel when they already do not have Splunk. Otherwise, we go with Splunk Enterprise Security. We have about 30 customers in Germany who have Splunk, and we run it for them. Monitoring multiple clouds with Splunk Enterprise Security is no more difficult than it is with Sentinel. I find Sentinel a bit easier. Splunk, of course, is very useful if you have AWS. Generically, because Splunk is not a cloud provider itself, it fits with anything. However, integration can be challenging at times, especially in virtualized environments. Splunk struggles a bit with speed in virtualized environments. Most importantly, Splunk can be outrageously expensive. That is the problem with both Splunk and Sentinel. Their pricing literally explodes based on the amount of data you feed in. I like Elastic SIEM. It is a tool that allows you to determine the price. It is based on the computing power you require and not on the amount of data you put in, so it is a lot more flexible than Splunk or Sentinel. If there is a cost concern, Elastic SIEM is a good idea. Elastic is also pretty good at creating on-premises data lakes to control the amount of information you put into the same tool. That is something that neither Splunk nor Sentinel offers. In our operations, we use a separate threat intelligence vendor. To the SIEM tool, we added a SOAR tool for security orchestration, automation, and response, which is very critical these days. We get threat intelligence from a third-party provider because neither Splunk nor Microsoft gives the coverage that our customers need. Splunk does not have a SOAR capability, so we add that on top. We could add that on top of any tool, so it is not specific to Splunk, but Splunk helps because going through the log files is very fast. It does help when you do the incident analysis. Elastic also provides that, and Sentinel has that to some degree, but Splunk is still the Google for log files. MITRE ATT&CK framework is integrated pretty much into any SIEM tool. It is not unique to Splunk. It is there in QRadar and other solutions. MITRE ATT&CK framework is helpful when designing incident response plans or playbooks. It is nice that they have it, but that is nothing unique to Splunk.

Read full review

Ashiq Ashraf

Specialist-Infrastructure Opertions at Allianz Technology

The most valuable features of Splunk Enterprise Security are several add-ons and TAs, while the lack of a DB requirement is a significant advantage for the business, allowing easier management without needing in-depth DB knowledge. I find that Splunk Enterprise Security's ability to import data from various sources, including looking up Excel files, is quite effective, providing a good way for management. We import data from several unique data sources into Splunk Enterprise Security, possibly more than a hundred because we have AWS and multiple servers. We have disparate security solutions that integrate data into Splunk Enterprise Security. I can still query data in Splunk Enterprise Security regardless of where it resides, and in my perspective, the query provides data quickly. Splunk Enterprise Security has improved our organization's ability to ingest and normalize data compared to before using Splunk Enterprise Security. The unified platform helps consolidate networking, security, and IT observability tools, which is very relevant to our internal needs. Using Splunk Enterprise Security, our focus was not on reducing alert volume but on properly finding and handling alerts; we've managed to capture 100% of them effectively. Splunk Enterprise Security provides the relevant context to help guide investigations by allowing us to share application logs and details with clients efficiently. We utilize out-of-the-box detections in Splunk Enterprise Security, and we have created dashboards that add value to our monitoring efforts. Customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security is easy; it has been a good experience without significant difficulties. We upgraded to Splunk Enterprise Security from version 8.0.4 to 9.0.6, and also from 8.1.4 to 9.0.6; it worked well with the support we received from the team, and it has proven to be very useful. Splunk Enterprise Security provides the foundation for unified threat detection, investigation, and response, enabling fast identification of critical issues.

Read full review

Hamada Elewa

System Engineer - Security Presales at Raya Integration

Splunk has a vast integration with multiple vendors, which makes it easy for our customers to integrate various cloud environments. Splunk provides complete visibility when integrated with all installed appliances and applications. The threat intelligence management feature is a good add-on for startups, especially given its affordability. Splunk allows organizations to ingest and normalize data effectively. Splunk simplifies real-time problem identification and resolution by seamlessly integrating existing customer and vendor systems. Its customizable dashboards can be tailored to map and reflect specific environmental needs precisely. The threat topology and MITRE ATT&CK framework features can help discover the full scope of a security incident, provided they are fully integrated into the customer's environment. Splunk's comprehensive log visibility enables efficient investigation of malicious activities and breaches. By generating a dashboard that collects logs from firewalls, emails, proxy endpoints, and threat intelligence, Splunk can provide access to critical information within seconds, significantly reducing investigation time compared to other vendors or solutions. This streamlined process, facilitated by Splunk's ability to gather and analyze diverse log data, ensures swift identification and resolution of security incidents. It helps our customers improve their organization's business resilience. The unified platform helps consolidate networking infrastructure and security. This single-platform approach offers the advantage of combining multiple technologies and features, streamlining operations and enhancing efficiency. Implementing Splunk with SOAR capabilities, along with machine learning and AI for alert filtering, can significantly reduce alert volume without constantly interrupting administrators. This streamlined approach ensures that only alerts requiring approval are sent to administrators, optimizing their workflow and efficiency. The analysts using Splunk, even the free edition, are very satisfied with the information it provides for their investigations. Splunk has helped customers accelerate their security investigations by integrating AI and machine learning into its platform. This integration automates many basic tasks and saves valuable time. Splunk helps reduce our customer's mean time to resolve.

Read full review

Splunk Enterprise Security mindshare

Product category:

As of August 2025, the mindshare of Splunk Enterprise Security in the Security Information and Event Management (SIEM) category stands at 9.4%, down from 11.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
Splunk Enterprise Security	9.4%
Wazuh	11.8%
IBM Security QRadar	7.4%
Other	71.4%

Security Information and Event Management (SIEM)

PeerResearch reports based on Splunk Enterprise Security reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Aug 25, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 25, 2025	Download
Comparison	Splunk Enterprise Security vs Wazuh	Aug 25, 2025	Download
Comparison	Splunk Enterprise Security vs Microsoft Sentinel	Aug 25, 2025	Download
Comparison	Splunk Enterprise Security vs IBM Security QRadar	Aug 25, 2025	Download

Title	Rating	Mindshare	Recommending
Wazuh	3.7	11.8%	80%	48 interviews Add to research
CrowdStrike Falcon	4.3	4.7%	96%	132 interviews Add to research

Valuable Features

Splunk Enterprise Security's most valuable features include robust log management, fast data search, flexible query language, comprehensive dashboards, and seamless integration with multiple data sources. It excels in threat detection, correlation search, and providing real-time alerts. Its schema-on-read technology enables efficient data storage and reuse, enhancing operational intelligence. Users appreciate its user-friendly interface, advanced analytics, and machine learning capabilities for customized, actionable insights across multi-cloud and on-premises environments.

"The best features I've experienced over the past six years with Splunk Enterprise Security are the ability to create use cases and the flexibility to customize searches and use cases based on our specific requirements."
"From a visibility perspective, the solution has significantly improved our organization by providing a single platform to visualize our entire IT landscape."
"The product is generally stable and forgiving."

Room for Improvement

Splunk Enterprise Security requires enhancements in areas such as its user interface, integration capabilities, and threat detection efficacy. Users find the platform complex, with a steep learning curve, necessitating more intuitive tools and clearer documentation. The high cost is often prohibitive, with pricing models needing adjustment to be more competitive in the market. Improved machine learning, artificial intelligence features, and automation would boost usability. Technical support and training resources also need significant improvement.

"Regarding room for improvement, I expect Splunk to provide information about new features on a regular basis, such as notifications about enhancements that may improve security posture."
"The integration feature with other applications, such as anti-DDoS application Arbor, needs to be more powerful."
"Its deployment is difficult. I remember when I first started learning, I faced several challenges, especially when deploying VMware in a virtual environment."

ROI

Users experienced a high return on investment from Splunk Enterprise Security, mainly through time savings, improved visibility, and better threat detection. Many users automated certain tasks, leading to significant manpower reduction. Some users mentioned financial savings through quicker issue resolutions. Other benefits included faster dashboard creation and real-time decision making, greatly enhancing security and operational efficiency. A few users expressed challenges regarding licensing costs and assessing ROI in a nonprofit setup.

Pricing

Splunk Enterprise Security's pricing is perceived as high, mainly structured around data volume ingested per day. While some organizations find it fair for the comprehensive features offered, others consider it expensive and suggest optimization to reduce costs. Licensing can be complex, with additional costs for specific capabilities, making careful evaluation of data needs crucial. Despite its price, many users appreciate its robust functionalities, rendering it a competitive option amid other SIEM solutions.

"The pricing of Splunk Enterprise Security is somewhat high, but comparing it with its benefits, it's acceptable. It depends on the type of business."
"Pricing and licensing are quite high compared to other tools or SIEM tools, but the features justify it."
"Splunk Enterprise Security is a bit expensive overall, but it provides good value."

Popular Use Cases

Organizations utilize Splunk Enterprise Security primarily for security operations, including log aggregation, monitoring, and threat detection. They implement it to build security operation centers (SOC), track security incidents, and correlate logs for proactive threat prevention. Users employ it for analyzing user behaviors, application monitoring, creating dashboards, and real-time alerts. The platform supports compliance, incident investigation, infrastructure management, and provides enhanced visibility into potential threats with various integration capabilities.

Service and Support

Splunk Enterprise Security's customer service and support are generally well-regarded, with many users praising responsiveness and effectiveness. Some find premium support more beneficial, citing faster response times. However, a few note occasional delays and complexity, reflecting a need for improvement. The engaged community and comprehensive documentation offer additional support avenues. While some users mention challenges, they appreciate the knowledgeable support staff. Splunk provides varied support levels, ensuring different user needs are met efficiently.

Deployment

Splunk Enterprise Security's initial setup is generally straightforward but can vary in complexity. Users mentioned that while the basic installation is easy, deploying in distributed environments or customizing can pose challenges. There is a learning curve for new users, requiring skilled personnel. Clustering and high availability configurations add difficulty. However, Splunk's documentation and support are helpful, and many find the cloud deployment faster and simpler compared to on-premises setups.

Scalability

Splunk Enterprise Security offers robust scalability, suiting both small and large organizations. It's praised for strong capacity across diverse environments, supporting extensive data and users. While costly, its horizontal and vertical scaling is efficient. Cloud deployment simplifies scalability, though on-premises requires careful planning and resources. Companies leverage its adaptability for comprehensive log and security needs, with scalability remaining a key strength, making it a preferred choice for high-volume operations.

Stability

Users frequently highlight the stability of Splunk Enterprise Security, noting its reliability and minimal issues. While some encounter occasional bugs or resource challenges, most find it robust and consistent in performance. Many praise its resilience, especially when configured optimally, although a few mention the need for capacity planning to handle large data volumes efficiently. Despite minor hiccups, users generally report positive experiences, appreciating its stability and dependability for data management tasks.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk Enterprise Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	99
Midsize Enterprise	42
Large Enterprise	205

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	1011
Midsize Enterprise	644
Large Enterprise	2568

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

14%

Manufacturing Company

Government

University

Educational Organization

Healthcare Company

Retailer

Comms Service Provider

Insurance Company

Non Profit

Real Estate/Law Firm

Energy/Utilities Company

Performing Arts

Media Company

Construction Company

Legal Firm

Outsourcing Company

Transportation Company

Hospitality Company

Wholesaler/Distributor

Pharma/Biotech Company

Aerospace/Defense Firm

Recreational Facilities/Services Company

Consumer Goods Company

Marketing Services Firm

Logistics Company

Compare Splunk Enterprise Security with alternative products

Learn more about Splunk Enterprise Security

Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.

What are the key features?

Comprehensive Dashboards: Provide a holistic view of security operations.
Flexible Data Ingestion: Supports various data sources for better analysis.
Robust Log Aggregation: Centralizes log management for easier monitoring.
Machine Learning Toolkit: Enhances threat detection and prediction capabilities.
SIEM Capabilities: Integrates security information and event management.
Threat Intelligence: Utilizes external information to improve security measures.
Risk-Based Alerting: Prioritizes alerts based on the risk they pose.
Correlation Searches: Identifies and correlates security events effectively.

What benefits or ROI should users look for?

Enhanced Visibility: Improves monitoring across endpoints, networks, and users.
Faster Incident Response: Speeds up identification and resolution of security issues.
Reduced Alert Volumes: Lowers false positives and enhances signal-to-noise ratio.
Scalability: Adapts to growing and changing security needs.
Improved Security Operations: Integrates multiple security facets into one platform.

Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.

Splunk Enterprise Security customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.

Julia Miller

Community Director at PeerSpot

Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries

Which would you recommend to your boss, IBM QRadar or Splunk?

What are some of the best features and use-cases of Splunk?

What SOC product do you recommend?

Splunk as an Enterprise Class monitoring solution -- thoughts?

2,221

What is the biggest difference between Dynatrace and Splunk?

IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?

What are the advantages of ELK over Splunk?

How does Splunk compare with Azure Monitor?

New risk scoring framework in the Splunk App for Enterprise Security -- thoughts?

Splunk vs. Elastic Stack

Product Categories

Security Information and Event Management (SIEM)

Log Management

IT Operations Analytics

Popular Comparisons

Wazuh vs Splunk Enterprise Security

CrowdStrike Falcon vs Splunk Enterprise Security

Microsoft Sentinel vs Splunk Enterprise Security

Dynatrace vs Splunk Enterprise Security

Datadog vs Splunk Enterprise Security

New Relic vs Splunk Enterprise Security

IBM Security QRadar vs Splunk Enterprise Security

Elastic Security vs Splunk Enterprise Security

Splunk AppDynamics vs Splunk Enterprise Security

Grafana Loki vs Splunk Enterprise Security

Elastic Observability vs Splunk Enterprise Security

Graylog vs Splunk Enterprise Security

Security Onion vs Splunk Enterprise Security

Palantir Foundry vs Splunk Enterprise Security

Cortex XSIAM vs Splunk Enterprise Security

See all alternatives

Splunk Enterprise Security Reviews Summary
Author info	Rating	Review Summary
Splunk System Engineer at a non-tech company with 11-50 employees	4.5	I find Splunk Enterprise Security invaluable for reducing alert volume and speeding up security investigations with a powerful correlation engine. However, its user interface needs improvement, especially in visualizations, and it's pricey for smaller companies.
Security & Risk Analyst at a computer software company with 1,001-5,000 employees	4.0	I primarily use Splunk Enterprise Security for detecting anomalous behavior by integrating various log sources, benefiting from its user-friendly interface and excellent integrations. However, it requires careful setup and has room for improvement in threat intel and search speed.
CTO at a tech vendor with 10,001+ employees	4.5	As an MSSP, we use Splunk Enterprise Security for customers, praising its 50,000 predefined rules. However, creating custom rules is complex, and integration can be costly. We recommend other SIEM tools like Elastic when cost is a concern.
Specialist-Infrastructure Opertions at Allianz Technology	4.0	I use Splunk Enterprise Security for comprehensive monitoring, benefiting from easy data integration and fast queries. Its add-ons and unified platform enhance our operations, although more application monitoring and AI capabilities would improve its functionality. AWS supports our deployment.
DevOps&Cloud Engineer Mentee at CertDirectory.io	4.0	I primarily use Splunk Enterprise Security for log management and find its documentation exceptional. It offers fast log retrieval and an improved UI, though AI features could enhance analysis. Its efficiency saves time compared to other SIEM solutions.
System Engineer - Security Presales at Raya Integration	4.5	As a system integrator, I implement Splunk for customers, valuing its stability and customizability through Splunk Search Processing Language. However, enhancements in network detection, fraud management, threat intelligence, and competitive pricing would be beneficial. Customers view it as a worthwhile investment.
CEO at CygenIQ	4.5	I mainly used Splunk Enterprise Security for data ingestion, malware analysis, and user behavior analytics. While its threat-hunting features are valuable, it needs a better rule engine to reduce false positives and improve integration capabilities.
Staff Performance Engineer at ServiceNow	4.5	I use Splunk Enterprise Security for real-time monitoring and alerting on sub-prod instances. It offers valuable dashboard features for performance monitoring, though data retention and dashboard detail could be improved. Compared to alternatives, it is cost-effective and meets organizational needs.

Splunk Enterprise Security Reviews

What is Splunk Enterprise Security?

Featured Splunk Enterprise Security reviews

Splunk Enterprise Security mindshare

PeerResearch reports based on Splunk Enterprise Security reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Splunk Enterprise Security with alternative products

Learn more about Splunk Enterprise Security

Splunk Enterprise Security customers

Related articles

Related questions

Product Categories

Popular Comparisons